Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
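# NOTE: Make sure to (re-)format this file on changes with `nixpkgs-fmt`!

# Package expression for systemd.
#
# This is a function from the build/runtime dependencies and a set of `with*`
# feature toggles to a `stdenv.mkDerivation` call. The toggles select both the
# libraries added to `buildInputs` and the meson options passed to the build,
# so a toggle and its dependency list have to be kept in agreement.

{ stdenv
, lib
, nixosTests
, pkgsCross
, fetchFromGitHub
, fetchzip
, fetchpatch
, buildPackages
, makeBinaryWrapper
, ninja
, meson
, m4
, pkg-config
, coreutils
, gperf
, getent
, glibcLocales
, autoPatchelfHook

  # glib is only used during tests (test-bus-gvariant, test-bus-marshal)
, glib
, gettext
, python3Packages

  # Mandatory dependencies
, libcap
, util-linux
, kbd
, kmod
, libxcrypt

  # Optional dependencies
, pam
, cryptsetup
, audit
, acl
, lz4
, libgcrypt
, libgpg-error
, libidn2
, curl
, gnutar
, gnupg
, zlib
, xz
, zstd
, tpm2-tss
, libuuid
, libapparmor
, intltool
, bzip2
, pcre2
, elfutils
, linuxHeaders ? stdenv.cc.libc.linuxHeaders
, gnutls
, iptables
, withSelinux ? false
, libselinux
, withLibseccomp ? lib.meta.availableOn stdenv.hostPlatform libseccomp
, libseccomp
, withKexectools ? lib.meta.availableOn stdenv.hostPlatform kexec-tools
, kexec-tools
, bashInteractive
, bash
, libmicrohttpd
, libfido2
, p11-kit
, libpwquality
, qrencode
, libarchive

  # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to
  # be available during build time.
  # Only libbpf should be a runtime dependency.
  # Note: llvmPackages is explicitly taken from buildPackages instead of relying
  # on splicing. Splicing will evaluate the adjacent (pkgsHostTarget) llvmPackages
  # which is sometimes problematic: llvmPackages.clang looks at targetPackages.stdenv.cc
  # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we
  # explicitly take buildPackages.llvmPackages, this is no problem because
  # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to
  # us. Working around this is important, because systemd is in the dependency
  # closure of GHC via emscripten and jdk.
, bpftools
, libbpf

  # Needed to produce a ukify that works for cross compiling UKIs.
, targetPackages

, withAcl ? true
, withAnalyze ? true
, withApparmor ? true
, withAudit ? true
  # compiles systemd-boot, assumes EFI is available.
, withBootloader ? withEfi
    && !stdenv.hostPlatform.isMusl
    # "Unknown 64-bit data model"
    && !stdenv.hostPlatform.isRiscV32
  # adds bzip2, lz4, xz and zstd
, withCompression ? true
, withCoredump ? true
, withCryptsetup ? true
, withRepart ? true
, withDocumentation ? true
, withEfi ? stdenv.hostPlatform.isEfi
, withFido2 ? true
  # conflicts with the NixOS /etc management
, withFirstboot ? false
, withHomed ? !stdenv.hostPlatform.isMusl
, withHostnamed ? true
, withHwdb ? true
, withImportd ? !stdenv.hostPlatform.isMusl
, withIptables ? true
, withKmod ? true
, withLibBPF ? lib.versionAtLeast buildPackages.llvmPackages.clang.version "10.0"
    # assumes hard floats
    && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6")
    # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211
    && !stdenv.hostPlatform.isMips64
    # can't find gnu/stubs-32.h
    && (stdenv.hostPlatform.isPower64 -> stdenv.hostPlatform.isBigEndian)
    # https://reviews.llvm.org/D43106#1019077
    && (stdenv.hostPlatform.isRiscV32 -> stdenv.cc.isClang)
    # buildPackages.targetPackages.llvmPackages is the same as llvmPackages,
    # but we do it this way to avoid taking llvmPackages as an input, and
    # risking making it too easy to ignore the above comment about llvmPackages.
    && lib.meta.availableOn stdenv.hostPlatform buildPackages.targetPackages.llvmPackages.compiler-rt
, withLibidn2 ? true
, withLocaled ? true
, withLogind ? true
, withMachined ? true
, withNetworkd ? true
, withNss ? !stdenv.hostPlatform.isMusl
, withOomd ? true
, withPam ? true
, withPasswordQuality ? true
, withPCRE2 ? true
, withPolkit ? true
, withPortabled ? !stdenv.hostPlatform.isMusl
, withQrencode ? true
, withRemote ? !stdenv.hostPlatform.isMusl
, withResolved ? true
, withShellCompletions ? true
, withSysusers ? true
, withSysupdate ? true
, withTimedated ? true
, withTimesyncd ? true
, withTpm2Tss ? true
  # adds python to closure which is too much by default
, withUkify ? false
, withUserDb ? true
, withUtmp ? !stdenv.hostPlatform.isMusl
, withVmspawn ? true
  # kernel-install shouldn't usually be used on NixOS, but can be useful, e.g. for
  # building disk images for non-NixOS systems. To save users from trying to use it
  # on their live NixOS system, we disable it by default.
, withKernelInstall ? false
, withLibarchive ? true
  # tests assume too much system access for them to be feasible for us right now
, withTests ? false
  # build only libudev and libsystemd
, buildLibsOnly ? false

  # yes, pname is an argument here
, pname ? "systemd"

, libxslt
, docbook_xsl
, docbook_xml_dtd_42
, docbook_xml_dtd_45
, withLogTrace ? false
}:

# Feature-dependency invariants: evaluation aborts when a toggle is enabled
# without the feature it depends on.
assert withImportd -> withCompression;
assert withCoredump -> withCompression;
assert withHomed -> withCryptsetup;
assert withHomed -> withPam;
assert withUkify -> (withEfi && withBootloader);
assert withRepart -> withCryptsetup;
assert withBootloader -> withEfi;

let
  # curl and gcrypt are each needed by more than one feature.
  wantCurl = withRemote || withImportd;
  wantGcrypt = withResolved || withImportd;
  version = "256.2";

  # Use the command below to update `releaseTimestamp` on every (major) version
  # change. More details in the commentary at mesonFlags.
  # command:
  #  $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \
  #     jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime'
  releaseTimestamp = "1720202583";
in
stdenv.mkDerivation (finalAttrs: {
  inherit pname version;

  # We use systemd/systemd-stable for src, and ship NixOS-specific patches inside nixpkgs directly
  # This has proven to be less error-prone than the previous systemd fork.
  # The source is pinned by tag and content hash; bump `hash` together with
  # `version`.
  src = fetchFromGitHub {
    owner = "systemd";
    repo = "systemd";
    rev = "v${version}";
    hash = "sha256-fyHzL+oe192YYuwyoTrov10IlrB0NSfY/XKVWzJrQEI=";
  };

  # On major changes, or when otherwise required, you *must*:
  # 1. reformat the patches,
  # 2. `git am path/to/00*.patch` them into a systemd worktree,
  # 3. rebase to the more recent systemd version,
  # 4. and export the patches again via
  #    `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`.
  # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all
  # patches
  patches = [
    ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch
    ./0002-Don-t-try-to-unmount-nix-or-nix-store.patch
    ./0003-Fix-NixOS-containers.patch
    ./0004-Add-some-NixOS-specific-unit-directories.patch
    ./0005-Get-rid-of-a-useless-message-in-user-sessions.patch
    ./0006-hostnamed-localed-timedated-disable-methods-that-cha.patch
    ./0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch
    ./0008-localectl-use-etc-X11-xkb-for-list-x11.patch
    ./0009-add-rootprefix-to-lookup-dir-paths.patch
    ./0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch
    ./0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch
    ./0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch
    ./0013-inherit-systemd-environment-when-calling-generators.patch
    ./0014-core-don-t-taint-on-unmerged-usr.patch
    ./0015-tpm2_context_init-fix-driver-name-checking.patch
    ./0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch
    ./0017-meson.build-do-not-create-systemdstatedir.patch

    # Remote patches are fetched from compare URLs between two full commit ids
    # and pinned by hash. When a URL is changed, replace the hash as well: a
    # hash that is already present in the store is satisfied without the new
    # URL ever being downloaded.

    # https://github.com/systemd/systemd/pull/33258
    # Remove after 256.3
    (fetchpatch {
      url = "https://github.com/systemd/systemd/compare/b268a71069786a45460807967e669d505ba3c5a2..f26b2ec46118a4493608618da2253bb9dfc6b517.patch";
      hash = "sha256-OmuPDm3NykrDeNTA3NcYt9iTXEUFwKJ5apPP4KqtABg=";
    })

    # https://github.com/systemd/systemd/pull/33400
    (fetchpatch {
      url = "https://github.com/systemd/systemd/compare/051d462b42fe6c27824046c15cd3c84fa5afe05b..5e2d802c018f0b6d5dd58745f64d6958fa261096.patch";
      hash = "sha256-drGAnx+ECixOjIP0DUSbCG/emUgoVips9WQL5ny3NKQ=";
    })
    # `lib.optionals` (plural) appends the conditional patches as plain list
    # elements; `lib.optional` would wrap each conditional list in another
    # list and leave `patches` nested.
  ] ++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [
    ./0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
  ] ++ lib.optionals stdenv.hostPlatform.isMusl (
    let
      # musl compatibility patches come from a pinned openembedded-core
      # snapshot (commit id in the URL, content hash below).
      oe-core = fetchzip {
        url = "https://git.openembedded.org/openembedded-core/snapshot/openembedded-core-6fdf03bd950e55ef7881041606f6e76141033716.tar.gz";
        sha256 = "/+9aJdOxBY8Y4vJPftOCxmyK8L2nvR82KmJxil1a2aY=";
      };
      musl-patches = oe-core + "/meta/recipes-core/systemd/systemd";
    in
    [
      (musl-patches + "/0017-Adjust-for-musl-headers.patch")
      (musl-patches + "/0016-pass-correct-parameters-to-getdents64.patch")
      (musl-patches + "/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch")
      (musl-patches + "/0001-missing_type.h-add-comparison_fn_t.patch")
      (musl-patches + "/0002-add-fallback-parse_printf_format-implementation.patch")
      (musl-patches + "/0003-src-basic-missing.h-check-for-missing-strndupa.patch")
      (musl-patches + "/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch")
      (musl-patches + "/0005-add-missing-FTW_-macros-for-musl.patch")
      (musl-patches + "/0006-Use-uintmax_t-for-handling-rlim_t.patch")
      (musl-patches + "/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch")
      (musl-patches + "/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch")
      (musl-patches + "/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch")
      (musl-patches + "/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch")
      (musl-patches + "/0011-avoid-redefinition-of-prctl_mm_map-structure.patch")
      (musl-patches + "/0012-do-not-disable-buffer-in-writing-files.patch")
      (musl-patches + "/0013-Handle-__cpu_mask-usage.patch")
      (musl-patches + "/0014-Handle-missing-gshadow.patch")
      (musl-patches + "/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch")
      (musl-patches + "/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch")
      (musl-patches + "/0021-shared-Do-not-use-malloc_info-on-musl.patch")
      (musl-patches + "/0022-avoid-missing-LOCK_EX-declaration.patch")
    ]
  );

  postPatch = ''
    substituteInPlace src/basic/path-util.h --replace "@defaultPathNormal@" "${placeholder "out"}/bin/"
  '' + lib.optionalString withLibBPF ''
    substituteInPlace meson.build \
      --replace "find_program('clang'" "find_program('${stdenv.cc.targetPrefix}clang'"
  '' + lib.optionalString withUkify ''
    substituteInPlace src/ukify/ukify.py \
      --replace \
      "'readelf'" \
      "'${targetPackages.stdenv.cc.bintools.targetPrefix}readelf'" \
      --replace \
      "/usr/lib/systemd/boot/efi" \
      "$out/lib/systemd/boot/efi"
  ''
  # Finally, patch shebangs in scripts used at build time. This must not patch
  # scripts that will end up in the output, to avoid build platform references
  # when cross-compiling.
  + ''
    shopt -s extglob
    patchShebangs tools test src/!(rpm|kernel-install|ukify) src/kernel-install/test-kernel-install.sh
  '';

  outputs = [ "out" "dev" ] ++ (lib.optional (!buildLibsOnly) "man");
  separateDebugInfo = true;

  # Hardening flags listed here are switched off for the whole derivation, so
  # each entry should keep its justification next to it.
  hardeningDisable = [
    # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111523
    "trivialautovarinit"
    # breaks clang -target bpf; should be fixed to filter target?
  ] ++ (lib.optional withLibBPF "zerocallusedregs");

  nativeBuildInputs =
    [
      pkg-config
      makeBinaryWrapper
      gperf
      ninja
      meson
      glibcLocales
      getent
      m4
      autoPatchelfHook

      intltool
      gettext

      libxslt
      docbook_xsl
      docbook_xml_dtd_42
      docbook_xml_dtd_45
      bash
      (buildPackages.python3Packages.python.withPackages (ps: with ps; [ lxml jinja2 ] ++ lib.optional withEfi ps.pyelftools))
    ]
    ++ lib.optionals withLibBPF [
      bpftools
      buildPackages.llvmPackages.clang
      buildPackages.llvmPackages.libllvm
    ]
  ;

  buildInputs =
    [
      libxcrypt
      libcap
      libuuid
      linuxHeaders
      bashInteractive # for patch shebangs
    ]

    ++ lib.optionals wantGcrypt [ libgcrypt libgpg-error ]
    ++ lib.optional withTests glib
    ++ lib.optional withAcl acl
    ++ lib.optional withApparmor libapparmor
    ++ lib.optional withAudit audit
    ++ lib.optional wantCurl (lib.getDev curl)
    ++ lib.optionals withCompression [ zlib bzip2 lz4 xz zstd ]
    ++ lib.optional withCoredump elfutils
    ++ lib.optional withCryptsetup (lib.getDev cryptsetup.dev)
    ++ lib.optional withKexectools kexec-tools
    ++ lib.optional withKmod kmod
    ++ lib.optional withLibidn2 libidn2
    ++ lib.optional withLibseccomp libseccomp
    ++ lib.optional withIptables iptables
    ++ lib.optional withPam pam
    ++ lib.optional withPCRE2 pcre2
    ++ lib.optional withSelinux libselinux
    ++ lib.optionals withRemote [ libmicrohttpd gnutls ]
    ++ lib.optionals (withHomed || withCryptsetup) [ p11-kit ]
    # NOTE(review): libfido2 is added for (withHomed || withCryptsetup), while
    # the meson "libfido2" feature below is enabled by withFido2. With
    # withFido2 = true and both other toggles off, the feature would be
    # requested without the library in buildInputs - confirm whether this
    # should be gated on withFido2.
    ++ lib.optionals (withHomed || withCryptsetup) [ libfido2 ]
    ++ lib.optionals withLibBPF [ libbpf ]
    ++ lib.optional withTpm2Tss tpm2-tss
    ++ lib.optional withUkify (python3Packages.python.withPackages (ps: with ps; [ pefile ]))
    ++ lib.optionals withPasswordQuality [ libpwquality ]
    ++ lib.optionals withQrencode [ qrencode ]
    ++ lib.optionals withLibarchive [ libarchive ]
  ;

  mesonBuildType = "release";

  mesonFlags = [
    # Options

    # We bump this attribute on every (major) version change to ensure that we
    # have known-good value for a timestamp that is in the (not so distant)
    # past. This serves as a lower bound for valid system timestamps during
    # startup. Systemd will reset the system timestamp if this date is +- 15
    # years from the system time.
    # See the systemd v250 release notes for further details:
    # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266
    (lib.mesonOption "time-epoch" releaseTimestamp)

    (lib.mesonOption "version-tag" version)
    (lib.mesonOption "mode" "release")
    (lib.mesonOption "tty-gid" "3") # tty in NixOS has gid 3
    (lib.mesonOption "debug-shell" "${bashInteractive}/bin/bash")
    (lib.mesonOption "pamconfdir" "${placeholder "out"}/etc/pam.d")
    (lib.mesonOption "kmod-path" "${kmod}/bin/kmod")

    # Attempts to check /usr/sbin and that fails in macOS sandbox because
    # permission is denied. If /usr/sbin is not a symlink, it defaults to true.
    # We set it to false since stdenv moves sbin/* to bin and creates a symlink,
    # that is, we do not have split bin.
    (lib.mesonOption "split-bin" "false")

    # D-Bus
    (lib.mesonOption "dbuspolicydir" "${placeholder "out"}/share/dbus-1/system.d")
    (lib.mesonOption "dbussessionservicedir" "${placeholder "out"}/share/dbus-1/services")
    (lib.mesonOption "dbussystemservicedir" "${placeholder "out"}/share/dbus-1/system-services")

    # pkgconfig
    (lib.mesonOption "pkgconfiglibdir" "${placeholder "dev"}/lib/pkgconfig")
    (lib.mesonOption "pkgconfigdatadir" "${placeholder "dev"}/share/pkgconfig")

    # Keyboard
    (lib.mesonOption "loadkeys-path" "${kbd}/bin/loadkeys")
    (lib.mesonOption "setfont-path" "${kbd}/bin/setfont")

    # SBAT
    (lib.mesonOption "sbat-distro" "nixos")
    (lib.mesonOption "sbat-distro-summary" "NixOS")
    (lib.mesonOption "sbat-distro-url" "https://nixos.org/")
    (lib.mesonOption "sbat-distro-pkgname" pname)
    (lib.mesonOption "sbat-distro-version" version)

    # Users
    (lib.mesonOption "system-uid-max" "999")
    (lib.mesonOption "system-gid-max" "999")

    # SysVinit
    (lib.mesonOption "sysvinit-path" "")
    (lib.mesonOption "sysvrcnd-path" "")

    # Login
    (lib.mesonOption "sulogin-path" "${util-linux.login}/bin/sulogin")
    (lib.mesonOption "nologin-path" "${util-linux.login}/bin/nologin")

    # Mount
    (lib.mesonOption "mount-path" "${lib.getOutput "mount" util-linux}/bin/mount")
    (lib.mesonOption "umount-path" "${lib.getOutput "mount" util-linux}/bin/umount")

    # SSH
    # Disabled for now until someone makes this work.
    (lib.mesonOption "sshconfdir" "no")
    (lib.mesonOption "sshdconfdir" "no")


    # Features

    # Tests
    (lib.mesonBool "tests" withTests)
    (lib.mesonEnable "glib" withTests)
    (lib.mesonEnable "dbus" withTests)

    # Compression
    (lib.mesonEnable "bzip2" withCompression)
    (lib.mesonEnable "lz4" withCompression)
    (lib.mesonEnable "xz" withCompression)
    (lib.mesonEnable "zstd" withCompression)
    (lib.mesonEnable "zlib" withCompression)

    # NSS
    (lib.mesonEnable "nss-mymachines" (withNss && withMachined))
    (lib.mesonEnable "nss-resolve" withNss)
    (lib.mesonBool "nss-myhostname" withNss)
    (lib.mesonBool "nss-systemd" withNss)

    # Cryptsetup
    (lib.mesonEnable "libcryptsetup" withCryptsetup)
    (lib.mesonEnable "libcryptsetup-plugins" withCryptsetup)
    (lib.mesonEnable "p11kit" (withHomed || withCryptsetup))

    # FIDO2
    (lib.mesonEnable "libfido2" withFido2)
    # NOTE(review): openssl is enabled here but is not an argument of this
    # function; presumably it reaches the build through another input -
    # confirm.
    (lib.mesonEnable "openssl" (withHomed || withFido2 || withSysupdate))

    # Password Quality
    (lib.mesonEnable "pwquality" withPasswordQuality)
    (lib.mesonEnable "passwdqc" false)

    # Remote
    (lib.mesonEnable "remote" withRemote)
    (lib.mesonEnable "microhttpd" withRemote)

    (lib.mesonEnable "pam" withPam)
    (lib.mesonEnable "acl" withAcl)
    (lib.mesonEnable "audit" withAudit)
    (lib.mesonEnable "apparmor" withApparmor)
    (lib.mesonEnable "gcrypt" wantGcrypt)
    (lib.mesonEnable "importd" withImportd)
    (lib.mesonEnable "homed" withHomed)
    (lib.mesonEnable "polkit" withPolkit)
    (lib.mesonEnable "elfutils" withCoredump)
    (lib.mesonEnable "libcurl" wantCurl)
    (lib.mesonEnable "libidn" false)
    (lib.mesonEnable "libidn2" withLibidn2)
    (lib.mesonEnable "libiptc" withIptables)
    (lib.mesonEnable "repart" withRepart)
    (lib.mesonEnable "sysupdate" withSysupdate)
    (lib.mesonEnable "seccomp" withLibseccomp)
    (lib.mesonEnable "selinux" withSelinux)
    (lib.mesonEnable "tpm2" withTpm2Tss)
    (lib.mesonEnable "pcre2" withPCRE2)
    (lib.mesonEnable "bpf-framework" withLibBPF)
    (lib.mesonEnable "bootloader" withBootloader)
    (lib.mesonEnable "ukify" withUkify)
    (lib.mesonEnable "kmod" withKmod)
    (lib.mesonEnable "qrencode" withQrencode)
    (lib.mesonEnable "vmspawn" withVmspawn)
    (lib.mesonEnable "libarchive" withLibarchive)
    (lib.mesonEnable "xenctrl" false)
    (lib.mesonEnable "gnutls" false)
    (lib.mesonEnable "xkbcommon" false)
    (lib.mesonEnable "man" true)

    (lib.mesonBool "analyze" withAnalyze)
    (lib.mesonBool "logind" withLogind)
    (lib.mesonBool "localed" withLocaled)
    (lib.mesonBool "hostnamed" withHostnamed)
    (lib.mesonBool "machined" withMachined)
    (lib.mesonBool "networkd" withNetworkd)
    (lib.mesonBool "oomd" withOomd)
    (lib.mesonBool "portabled" withPortabled)
    (lib.mesonBool "hwdb" withHwdb)
    (lib.mesonBool "timedated" withTimedated)
    (lib.mesonBool "timesyncd" withTimesyncd)
    (lib.mesonBool "userdb" withUserDb)
    (lib.mesonBool "coredump" withCoredump)
    (lib.mesonBool "firstboot" withFirstboot)
    (lib.mesonBool "resolve" withResolved)
    (lib.mesonBool "sysusers" withSysusers)
    (lib.mesonBool "efi" withEfi)
    (lib.mesonBool "utmp" withUtmp)
    (lib.mesonBool "log-trace" withLogTrace)
    (lib.mesonBool "kernel-install" withKernelInstall)
    (lib.mesonBool "quotacheck" false)
    (lib.mesonBool "ldconfig" false)
    (lib.mesonBool "install-sysconfdir" false)
    (lib.mesonBool "create-log-dirs" false)
    (lib.mesonBool "smack" true)
    (lib.mesonBool "b_pie" true)

  ] ++ lib.optionals (withShellCompletions == false) [
    (lib.mesonOption "bashcompletiondir" "no")
    (lib.mesonOption "zshcompletiondir" "no")
  ] ++ lib.optionals stdenv.hostPlatform.isMusl [
    (lib.mesonBool "gshadow" false)
    (lib.mesonBool "idn" false)
  ];
  preConfigure =
    let
      # A list of all the runtime binaries referenced by the source code (plus
      # scripts and unit files) of systemd executables, tests and libraries.
      # As soon as a dependency is no longer required we should remove it from
      # the list.
      # The `where` attribute for each of the replacement patterns must be
      # exhaustive. If another (unhandled) case is found in the source code the
      # build fails with an error message.
      binaryReplacements = [
        {
          search = "/usr/bin/getent";
          replacement = "${getent}/bin/getent";
          where = [ "src/nspawn/nspawn-setuid.c" ];
        }
        {
          search = "/sbin/mkswap";
          replacement = "${lib.getBin util-linux}/sbin/mkswap";
          where = [
            "man/systemd-makefs@.service.xml"
          ];
        }
        {
          search = "/sbin/swapon";
          replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon";
          where = [
            "src/core/swap.c"
            "src/basic/unit-def.h"
          ];
        }
        {
          search = "/sbin/swapoff";
          replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff";
          where = [ "src/core/swap.c" ];
        }
        {
          search = "/bin/echo";
          replacement = "${coreutils}/bin/echo";
          where = [
            "man/systemd-analyze.xml"
            "man/systemd.service.xml"
            "man/systemd-run.xml"
            "src/analyze/test-verify.c"
            "src/test/test-env-file.c"
            "src/test/test-fileio.c"
            "src/test/test-load-fragment.c"
          ];
        }
        {
          search = "/bin/cat";
          replacement = "${coreutils}/bin/cat";
          where = [
            "test/test-execute/exec-noexecpaths-simple.service"
            "src/journal/cat.c"
          ];
        }
        {
          search = "/usr/lib/systemd/systemd-fsck";
          replacement = "$out/lib/systemd/systemd-fsck";
          where = [ "man/systemd-fsck@.service.xml" ];
        }
      ] ++ lib.optionals withImportd [
        # The import tools run gpg and tar by bare name; pinning them to store
        # paths keeps the lookup independent of the caller's PATH.
        {
          search = "\"gpg\"";
          replacement = "\\\"${gnupg}/bin/gpg\\\"";
          where = [ "src/import/pull-common.c" ];
        }
        {
          search = "\"tar\"";
          replacement = "\\\"${gnutar}/bin/tar\\\"";
          where = [
            "src/import/export-tar.c"
            "src/import/import-common.c"
            "src/import/import-tar.c"
          ];
          ignore = [
            # occurrences here refer to the tar sub command
            "src/sysupdate/sysupdate-resource.c"
            "src/sysupdate/sysupdate-transfer.c"
            "src/import/pull.c"
            "src/import/export.c"
            "src/import/import.c"
            "src/import/importd.c"
            # runs `tar` but also creates a temporary directory with the string
            "src/import/pull-tar.c"
          ];
        }
      ] ++ lib.optionals withKmod [
        {
          search = "/sbin/modprobe";
          replacement = "${lib.getBin kmod}/sbin/modprobe";
          where = [ "units/modprobe@.service" ];
        }
      ];

      # { replacement, search, where, ignore } -> List[str]
      # One `substituteInPlace` command per file listed in `where`.
      mkSubstitute = { replacement, search, where, ignore ? [ ] }:
        map (path: "substituteInPlace ${path} --replace '${search}' \"${replacement}\"") where;
      # Shell snippet that fails the build when `search` still occurs anywhere
      # in the tree outside the replaced form and the ignore list. `search` is
      # handed to grep as a pattern (no -F) and the ignore entries are joined
      # into one extended regex, so entries containing regex metacharacters
      # match more loosely than a literal comparison would.
      mkEnsureSubstituted = { replacement, search, where, ignore ? [ ] }:
        let
          ignore' = lib.concatStringsSep "|" (ignore ++ [ "^test" "NEWS" ]);
        in
        ''
          set +e
          search=$(grep '${search}' -r | grep -v "${replacement}" | grep -Ev "${ignore'}")
          set -e
          if [[ -n "$search" ]]; then
            echo "Not all references to '${search}' have been replaced. Found the following matches:"
            echo "$search"
            exit 1
          fi
        '';
    in
    ''
      mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org")
      export LC_ALL="en_US.UTF-8";

      ${lib.concatStringsSep "\n" (lib.flatten (map mkSubstitute binaryReplacements))}
      ${lib.concatMapStringsSep "\n" mkEnsureSubstituted binaryReplacements}

      substituteInPlace src/libsystemd/sd-journal/catalog.c \
        --replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/

      substituteInPlace src/import/pull-tar.c \
        --replace 'wait_for_terminate_and_check("tar"' 'wait_for_terminate_and_check("${gnutar}/bin/tar"'
    '';

  # These defines are overridden by CFLAGS and would trigger annoying
  # warning messages
  postConfigure = ''
    substituteInPlace config.h \
      --replace "POLKIT_AGENT_BINARY_PATH" "_POLKIT_AGENT_BINARY_PATH" \
      --replace "SYSTEMD_BINARY_PATH" "_SYSTEMD_BINARY_PATH" \
      --replace "SYSTEMD_CGROUP_AGENTS_PATH" "_SYSTEMD_CGROUP_AGENT_PATH"
  '';

  # The three paths defined below are fixed locations under
  # /run/current-system rather than store paths, so what they resolve to is
  # decided by the running system generation, not by this derivation.
  env.NIX_CFLAGS_COMPILE = toString ([
    # Can't say ${polkit.bin}/bin/pkttyagent here because that would
    # lead to a cyclic dependency.
    "-UPOLKIT_AGENT_BINARY_PATH"
    "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\""

    # Set the release_agent on /sys/fs/cgroup/systemd to the
    # currently running systemd (/run/current-system/systemd) so
    # that we don't use an obsolete/garbage-collected release agent.
    "-USYSTEMD_CGROUP_AGENTS_PATH"
    "-DSYSTEMD_CGROUP_AGENTS_PATH=\"/run/current-system/systemd/lib/systemd/systemd-cgroups-agent\""

    "-USYSTEMD_BINARY_PATH"
    "-DSYSTEMD_BINARY_PATH=\"/run/current-system/systemd/lib/systemd/systemd\""

  ] ++ lib.optionals stdenv.hostPlatform.isMusl [
    "-D__UAPI_DEF_ETHHDR=0"
  ]);

  doCheck = false; # fails a bunch of tests

  # trigger the test -n "$DESTDIR" || mutate in upstream's build system
  preInstall = ''
    export DESTDIR=/
  '';

  mesonInstallTags = lib.optionals buildLibsOnly [ "devel" "libudev" "libsystemd" ];

  postInstall = lib.optionalString (!buildLibsOnly) ''
    mkdir -p $out/example/systemd
    mv $out/lib/{binfmt.d,sysctl.d,tmpfiles.d} $out/example
    mv $out/lib/systemd/{system,user} $out/example/systemd

    rm -rf $out/etc/systemd/system

    # Fix reference to /bin/false in the D-Bus services.
    for i in $out/share/dbus-1/system-services/*.service; do
      substituteInPlace $i --replace /bin/false ${coreutils}/bin/false
    done

    # For compatibility with dependents that use sbin instead of bin.
    ln -s bin "$out/sbin"

    rm -rf $out/etc/rpm
  '' + lib.optionalString (!withKernelInstall) ''
    # "kernel-install" shouldn't be used on NixOS.
    find $out -name "*kernel-install*" -exec rm {} \;
  '' + lib.optionalString (!withDocumentation) ''
    rm -rf $out/share/doc
  '' + lib.optionalString (withKmod && !buildLibsOnly) ''
    mv $out/lib/modules-load.d $out/example
  '' + lib.optionalString withSysusers ''
    mv $out/lib/sysusers.d $out/example
  '';

  # Avoid *.EFI binary stripping.
  # At least on aarch64-linux strip removes too much from PE32+ files:
  #   https://github.com/NixOS/nixpkgs/issues/169693
  # The hack is to move EFI file out of lib/ before doStrip run and return it
  # after doStrip run.
  preFixup = lib.optionalString withBootloader ''
    mv $out/lib/systemd/boot/efi $out/dont-strip-me
  '';

  # Wrap in the correct path for LUKS2 tokens.
  postFixup = lib.optionalString withCryptsetup ''
    for f in bin/systemd-cryptsetup bin/systemd-cryptenroll; do
      # This needs to be in LD_LIBRARY_PATH because rpath on a binary is not propagated to libraries using dlopen, in this case `libcryptsetup.so`
      wrapProgram $out/$f --prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib/cryptsetup
    done
  '' + lib.optionalString withBootloader ''
    mv $out/dont-strip-me $out/lib/systemd/boot/efi
  '' + lib.optionalString withUkify ''
    # To cross compile a derivation that builds a UKI with ukify, we need to wrap
    # ukify with the correct binutils. When wrapping, no splicing happens so we
    # have to explicitly pull binutils from targetPackages.
    wrapProgram $out/bin/ukify --prefix PATH : ${lib.makeBinPath [ targetPackages.stdenv.cc.bintools ] }:${placeholder "out"}/lib/systemd
  '';

  # When cross-compiling, the build fails if the outputs still reference any
  # of the build-platform nativeBuildInputs.
  disallowedReferences = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform)
    # 'or p' is for manually specified buildPackages as they don't have __spliced
    (builtins.map (p: p.__spliced.buildHost or p) finalAttrs.nativeBuildInputs);

  passthru = {
    # The `interfaceVersion` attribute below points out the incompatibilities
    # between systemd versions. When the new systemd build is
    # backwards-compatible with the previous one, then they can be switched at
    # runtime (the reboot being optional in this case); otherwise, a reboot is
    # needed - and therefore `interfaceVersion` should be incremented.
    interfaceVersion = 2;

    inherit withBootloader withCryptsetup withEfi withHostnamed withImportd withKmod
      withLocaled withMachined withPortabled withTimedated withTpm2Tss withUtmp
      util-linux kmod kbd;

    tests = {
      inherit (nixosTests)
        switchTest
        systemd-journal
        systemd-journal-gateway
        systemd-journal-upload;
      # Cross-build smoke test: targets aarch64 unless the build platform is
      # itself aarch64, in which case it targets gnu64.
      cross =
        let
          systemString =
            if stdenv.buildPlatform.isAarch64
            then "gnu64"
            else "aarch64-multiplatform";
        in
        pkgsCross.${systemString}.systemd;
    };
  };

  meta = {
    homepage = "https://www.freedesktop.org/wiki/Software/systemd/";
    description = "System and service manager for Linux";
    longDescription = ''
      systemd is a suite of basic building blocks for a Linux system. It
      provides a system and service manager that runs as PID 1 and starts the
      rest of the system. systemd provides aggressive parallelization
      capabilities, uses socket and D-Bus activation for starting services,
      offers on-demand starting of daemons, keeps track of processes using Linux
      control groups, maintains mount and automount points, and implements an
      elaborate transactional dependency-based service control logic. systemd
      supports SysV and LSB init scripts and works as a replacement for
      sysvinit. Other parts include a logging daemon, utilities to control basic
      system configuration like the hostname, date, locale, maintain a list of
      logged-in users and running containers and virtual machines, system
      accounts, runtime directories and settings, and daemons to manage simple
      network configuration, network time synchronization, log forwarding, and
      name resolution.
    '';
    license = with lib.licenses; [
      # Taken from https://raw.githubusercontent.com/systemd/systemd-stable/${finalAttrs.src.rev}/LICENSES/README.md
      bsd2
      bsd3
      cc0
      lgpl21Plus
      lgpl2Plus
      mit
      mit0
      ofl
      publicDomain
    ];
    maintainers = with lib.maintainers; [ flokli kloenk ];
    platforms = lib.platforms.linux;
    priority = 10;
    badPlatforms = [
      # https://github.com/systemd/systemd/issues/20600#issuecomment-912338965
      lib.systems.inspect.platformPatterns.isStatic
    ];
  };
})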